What is a Phishing Attack?
Phishing attacks are one of the most prevalent methods of cybercrime because they are easy to deploy, can bypass detection methods, and offer low risk and cost.
The term “phishing” can be traced as far back as 1987. Since then, the risk of falling victim to a phishing attack has increased incrementally due to the world-changing adoption of internet users and the constant pool of personal information available through social media.
Phishing attacks are an email-based form of social engineering. Disguised as legitimate communication, the fraudulent email tricks the recipient into responding by enticing them to click a link, open an attachment, or directly provide sensitive information.
Phishing attacks have become one of the most prevalent methods of cybercrime because they are effective due to their ability to bypass detection methods and offer low risk as there is little chance of capture or retribution. Email is simple to deploy, making it easy to send large quantities of messages in a single attempt. Adding to the ease of deployment is the availability of low-cost phishing kits that include website development software, coding, spamming software, and content that can be utilized to create convincing websites and emails.
The attacker composes email messages of varying levels of sophistication.
- Low: These emails are untargeted and deployed in bulk, casting a wide net in an effort to successfully victimize at least one recipient. These emails contain several “tells” that indicate an attack, such as improper grammar or plain text, or they are sent from an unknown or improbable source.
- Moderate: More believable, these emails contain real branding from real websites. They have legitimate formatting and proper grammar, but remain impersonal.
- Complex: These types of phishing attacks are the most difficult to identify. They are realistic and highly personal, coming from known or trusted sources. The attackers utilize specific, known details about the recipient gathered from internal and public sources to trick the recipient into taking the desired action.
- Click only: This is a one-step process in which the email urges the recipient to click an embedded link.
- Data entry: The email includes a link to a customized landing page that requires the user to enter sensitive information.
- Attachment-based: The email contains a seemingly legitimate attachment that could be in varying formats (Word, Excel®, PDF, etc.).
- Double barrel: This utilizes two emails. One is benign and doesn’t contain anything malicious nor does it require a response; the second is a follow-up that contains the malicious element in either of the above forms.
The email will also contain a malicious element necessary to execute the attack and compromise the user.
The combination of content, context and emotional motivators is often what drives the success of a phishing attack. Should the phishing attack have the appropriate complexity, and the recipient takes the desired action, the attacker would then have gained the ability to access their personal information or the ability to penetrate the network and access vital information.
As with any organization, a comprehensive security platform that addresses people, technology and process minimizes the likelihood of a successful phishing attack. In the case of people, security awareness training will educate the recipients on what to look for in a phishing email and to report suspicious emails to their security teams. When it comes to technology, the utilization of sandboxing will analyze the unknown link or file and implement policy to prevent access if it is determined malicious; URL filtering will block known malicious websites and unknown websites to prevent attacks early on; and access to a threat intelligence cloud provides the combined knowledge of the global community, enabling protections if a similar attack has been seen before. To address the process, there should be a hierarchy of actions to take should a phishing attack successfully penetrate the network.